Request a Demo Contact Us

HTTP Request Smuggling

HTTP request smuggling is a cyber-attack method in which an attacker inserts a second request into an original request between a front-end and back-end server.

HTTP request smuggling is a cyber-attack method in which an attacker inserts a second request into an original request between a front-end and back-end server. In a successful HTTP request smuggling attack, the second request is “smuggled” in the initial request and then processed by the back-end server. Hackers frequently execute HTTP request smuggling attacks by altering the Content-Length and Transfer-Encoding HTTP headers. HTTP request smuggling attacks are often high impact as they frequently enable unauthorized data access, bypass security schemes, and directly compromise other application users.

Want to learn more? Check out our FREE Bugcrowd University to sharpen your hacking skills.

Organizations the world over need your help! Join our researcher community to connect with hundreds of organization programs focused on finding their security vulnerabilities. Our vast directory includes programs for all skill levels, across many industries and from around the world.

Get started with Bugcrowd

Hackers aren’t waiting, so why should you? See how Bugcrowd can quickly improve your security posture.